COURSE of the MONTH

Problem booting - need to edit boot record?

I have a friend who uses Win 98. He downloaded Norton Security 2005 and his computer would not work. We tried everything to get rid of it. Booting to safe mode would not let us uninstall. We disabled it from startup win Msconfig.exe. We tried booting with confirmation and tried to stop it from starting that way. Nothing would get rid of this. Finally out of desperation and 3 hours later, we just decided to delete it from the registry. Which worked.

Now when he boots up he gets the following messages:

win registry of system.ini files refers to this device file but device no longer exists

Who is Participating?

I have a strong feeling that there is a typographic error in the name of the .vxd file you have quoted, GDoucette. I believe the file name should be SYMEVNT.386 rather than SYMEMT.VXD.

In all probability, you will find that the files C:\Program Files\Symantec\ - SYMEVNT1.DLL, SYMEVENT.SYS, and S32EVNT1.DLL and also C:\WINDOWS\SYSTEM\ - SYMEVNT.386 and SYMEVNT1.386 also exist on your computer and may be listed in your registry as "shared dll's" under the following keys:

If you also have any ActiveX components sitting in your C:\Windows\Downloaded Program Files folder related to Norton AntiVirus (eg. Symantec AntiVirus Scanner" and Symantec RuFSI Utility Class", then they could well appear as shared dll's in that key. If you DO have any ActiveX files there, right-click on them and select "Properties", then check what files it lists under the "dependencies" tab. Take note of them, and then look for them under that same registry key:

Delete the ActiveX files and the lines that relate to those named files in the registry key.

SYMEVNT.386 and SYMEVNT1.DLL exist in 2 places on my system:

C:\Windows\system
C:\Program Files\Symantec

The ones in the windows\system folder are the same version and date as the ones in the \program files\symantec folder, so you should delete BOTH copies of each file.

There should also be a registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\SYMEVNT

Delete the entire key IF there is an entry in it named "StaticVxD" and the value = "C:\PROGRA~1\SYMANTEC\SYMEVNT.386".

I have very strong doubts that SYMEVNT.386 or SYMEVNT1.DLL will be mentioned in any of your .INI files.

OK, now for the other file you mentioned SAVRTPEL.VXD.

I suggest that you search the registry and will probably find it listed under the:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\
key as "SAVRTPEL" and there will probably also be a "StaticVxD" item showing the value as "C:\PROGRA~1\SYMANTEC\SAVRTPEL.VXD".

IF SO, then delete the "SAVRTPEL" key.

Look under the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs
key for any entries matching "SAVRTPEL.VXD" or "SAVRTPEL.DLL". Delete any that relate directly.

Look also under C:\Windows\System for duplicate copies of the files that would probably also have been present in the folder C:\Program Files\Symantec. Delete them.

I can't provide any more precise details than this regarding the SAVRTPEL.VXD file, because I don't have Norton System Works installed, only Norton AntiVirus.

You most likely have a HUGE number of other related files left on your system, and an equal number of redundant entries in the registry also that may or may not cause further error messages.

You can make a backup copy of System.ini (which is in the Windows directory) by copying it to another directory, and perhaps renaming it (the copy) to System.bak or something similar. Then click on Start, select Run, type SYSEDIT, click OK, and click on the tab for System.ini. You should find a line or lines similar to those mentioned in your question. Delete them and reboot.

Do this by going to dos through Windows
Type cd.. to go back to the c:\ prompt
type edit edit config.sy Now nothing will be edited unless you go to file and click on save
To remove an item: Move the Underscore directly under the first letter in the command line
Type in Caps REM
go to FILE SAVE and click on SAVE
Choose FILE click on exit
Repeat the proces for autoexec.bat
Whe you finish and have exited, type Exit to get out of the dos mode

win registry of system.ini files refers to this device file but device no longer exists

C:Programs~1\symantec\symemt.386
C:Programs~1\Norton~2\Norton~1\savrtpel.vxd
The statement above is misleading. The reference is in the Registry due to the fact that you most likely did not remove the program through the COntrol Panel 'Install/Uninstall' Would reinstall the programs and then uninstall them

You can always go through Windows Explorer, windows/system and copy scanreg.exe to a floppy.

You can use the System Configuration Utility (msconfig) to temporarily disable lines in the system.ini file using the selective startup function. That way you can figure out which lines are causing the problem without permanantly changing anything. You can even temporarily disable the entire system.ini file to quickly determine if something in it is causing the problem.

I have a feeling that these won't allow an uninstall, because components may already have been deleted from the C:\Program Files\Symantec folder, but both of these additional Norton Programs would normally be able to uninstall entirely independently of Norton Antivirus, and they will have created the following folders and registry entries:

Right-Click each of the *.msi files in there and select "Properties". In the "Summary" tab, you will see what program this is the installer for. The one(s) for Norton System Works will probably be there. Delete it/them.

Now open REGEDIT again and get rid of the registry keys that point to the "Install Source" and the "Uninstall String".

HKEY_CURRENT_USER\Software\Symantec

As long as you have no other Symantec or Norton products installed (they would be listed in the sub-keys), delete the "Symantec" key.

HKEY_LOCAL_MACHINE\Software\Symantec

You will probably see a sub-key in there named "Symevent" which takes us back to the previous problem. As long as you have no other Symantec or Norton products installed (they would be listed in the sub-keys), delete the "Symantec" key.

There MAY still be entries in there for Norton components instructing them to load at startup. delete the relevant entries from the "Run" or "RunServices" keys but be sure that they DO relate to Norton before doing this. This is what caza13 was suggesting through use of the MSCONFIG utility in Windows.

Go down through each of the sub-keys looking for any that relate to Norton or Symantec.

Some will have {long-numbers} instead of names, but if you click on each in turn, you will see details in the right-hand pane that will tell you whether they are relevant, for instance, Norton AntiVirus 2002 uses the key:

You will probably also see a LOT of sub-keys with names that start with "Symantec." personally I wouldn't risk just deleting ALL of them, but the risk is yours. Put it this way, what other Symantec programs are left on your computer?

If you know for absolute certain that there are none, then feel free, but doing this incurs risks all round and the entries may do no further harm until you ever format and reinstall.

You are right, if one does not do a complete uninstall it using the Install/uninstall software feature in the control panel for 99 percent of the programs, it will lead to stragglers in the Registry.

With Norton, one must do it with the cd Rom. At this point the client may be offered to uninstall Norton competely. If not, then to install it and using the cd rom again, uninstall it. Norton knows when the program is installed and then offers to uninstall it. For Norton this is the best measure.

1. The specs for the computer Norton Internet Security was installed on
2. Does that computer match the minimum specifications
3. Was it installed from a download or from CD
4. If from either of the above, was it a genuine purchase or a copy of someone else's
5. If either mentioned at No. 3, was it a "try before buy" version or upgrade version
6. Was there already a virus on the computer that hindered the installation
7. What exactly is meant by "his computer would not work".

(a) Verify that the computer is virus-free or this could abort or hinder an installation
(b) Uninstall any other antivirus or firewall programs
(c) Stop all running programs using MSCONFIG and then Task List after rebooting
(d) Delete all files in the Windows Temporary folder
(e) Defrag and Scandisk
(f) Start Installation
(g) Pre-Install Scan scans computer for viruses before installation routine (done or aborted?)
(h) Install (was it to default directory or to some other folder?)
(i) Restart Windows (did you at that time, or did you try and configure it first?)
(j) Configuration Wizard should run at reboot (did it?)
(k) Configuration Wizard goes online to activate NISecurity and complete post-installation setup (did it, or did you opt to do so later?)
(l) LiveUpdate attempts to run online (did you let it?)

6. Were you ever notified that the installation had failed, as indicated on this page?

Possible reasons for a failed install are the presence of an existing virus. If the installation failes, you should be informed of this, but prompts asking if you want to try again fail to allow installation. Subsequent efforts to uninstall may also fail due to the presence of certain files and registry entries. The above page suggests RENAMING the folders, but I see no reason for doing so when they can just as easily be deleted.

All of the details (apart from the preinstallation procedures and post installation procedures) I have discussed in my previous comments describing how to perform a cleanup.

There are quite a few reasons why the installation might have failed, but I suggest that we go no further in providing more explanations until GDoucette decides to return to this question and provide some acknowledgement or feedback.

Actually, the following might make things easier to do and can be performed from DOS. It is based ONLY on the details that I can ascertain from my installation of Norton AntiVirus and the details I have verified online. The .reg file will ignore entries that it does not find.

You will first copy the batch file and .reg file to the c:\windows folder, and then run the batch file.

First create a file named remnis.txt containing the following and copy it to the c:\windows folder:

;----------- start of text to copy (don't include this line) ----------------
REGEDIT4

So this is not my computer so I am not sure exactly what happened prior to install of Norton. What I was told is that it was working perfectly. The user went onto the Symantec website downloaded Norton Security and when it was finished he rebooted his computer.

When he rebooted he would get to the desktop and it would stop responding. If he clicked start nothing would happen. The only way he could shut down was by Ctrl Alt Del. No programs were running.

I booted into safe mode, went into msconfig and disabled everything except for Win items, from startup. Tried rebooting normally would not work.

Booted with confirmation, told Norton items not to start, still would not work when booted.

Tried everything I could possibly think of, nothing worked. He was desperate and asked me to format his system, I said I could remove Norton from the registry, so at least he wouldn't loose anything else.

So thats what we did. Then we were able to boot up. I ran Trend on the machine, no viruses were found. I ran Adaware and Spybot and picked up 200+ spyware. Deleted those. Deleted a bunch of junk, Kazza, Messenger +, etc. off the machine.

Everything works fine now with the exception of those few lines at startup. I imagine I didn't delete everything from the regsitry.

I am going over to his house tommorrow and will take your suggestions, will let you know what happened.

My comments were really just some ideas that might help you locate settings and entries.

I suspected that this might have been a download and install process. Sounds to me like your client has possibly "run this program from source" rather than downloaded the file "NIS_Retail.EXE" and used that file to start the installation once offline.

A few immediate possibilities if that was the case:

1. Slow connection aborted the download connection midway through installation leaving debris in temporary internet file folder and memory choked up leaving it unable to do its initial scan for viruses, which includes scanning the memory
2. Presence of existing AntiVirus or Firewall software has aborted or interfered with the installation, with the same results as above
3. Presence of Viruses or Running processes such as the spyware has resulted in the same as 2 above.

Hey, that IS GREAT NEWS, GDoucette, and thanks. Some things ARE worth persevering with.

It's a pity that Symantec haven't created a cleanup tool for that application. They has tools for Norton AntiVirus 2003 and 2004, but as far as I know that was all. The tools don't work on earlier versions, and where NAV is installed as part of a software "suite", then it only addresses part of the problem.

You know, I'm still using a 90 day OEM Norton AV 2002 version on this PC. I know it's cheating, but I've got the uninstall sequence off to a tee now, and I have a batch file that wipes out the residual files and folders, and then a .reg file that reinstates my settings again after a reinstall for another 90 days. A 10 minute job with 4 reboots is all it takes, and the Intelligent Updater Definition Updates that I download manually are recognised without fail. Just don't touch that "LiveUpdate" link :-)

I have found that AVG AntiVirus (free edition - after registration) scans emails thoroughly and hasn't missed one virus yet. The problem is that the "Resident Shield" ("AutoProtect" in Symantese) does slow down a slower computer quite significantly and can lead to freezes. A well trained operative will meticulously scan all downloads for viruses, so I tend to suggest leaving it off. Automated online definition updates are flawless, and I haven't had one mess up yet.

Zone Alarm firewall is well quoted by some quite influential people like Steve Gibson (http://www.grc.com/default.htm) of Gibson Research, and I haven't seen too many problems with it. I recommend that all online computers be tested with his "Shields Up" page for open ports and other security holes: https://www.grc.com/x/ne.dll?bh0bkyd2 (if you try that with a firewall running, expect to see probing from IP addresses: 204.1.226.224 to 204.1.226.255 - all owned by grc.com).

My impression is that so many of the vendors of current software all expect that we are running Windows XP, and haven't taken the time to fully test their offerings in Windows 98 which they now see as old-hat.